Author: Admin

September 23, 2024Ravi LakshmananCyber ​​Security / Cyber ​​Threat Hang in there folks, because the cybersecurity landscape has been terrifying this past week! We’ve seen everything from North Korean hackers landing their “dream jobs” to expose new malware to a surprising twist in the Apple vs. NSO Group saga. Even in the seemingly mundane world of domain names and cloud configurations, there was some drama. Let’s dig into the details and see what lessons we can learn from last week. ⚡ Threat of the week Raptor Train botnet dismantled: The US government announced taking down the Raptor Train botnet controlled by…


September 23, 2024Ravi LakshmananEncryption / Data Protection The popular social messaging platform Discord has announced that it is releasing a new user-defined end-to-end encrypted (E2EE) protocol for secure audio and video calls. The protocol is duplicated DAVEshort for Discord End-to-end Audio and Video Encryption (“E2EE A/V”). As part of the changes made last week, voice and video transmissions in DMs, group DMs, voice channels and Go Live broadcasts are expected to move to using DAVE. However, it should be noted that messages on Discord will remain unencrypted and subject to a content moderation approach. “When we consider adding new privacy…


September 23, 2024Ravi LakshmananIoT Security / Vulnerability A critical security flaw has been discovered in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. Vulnerability, tracked as CVE-2024-7490has a CVSS score of 9.5 out of a maximum of 10.0. This has been described as a stack overflow vulnerability in the ASF implementation of the tinydhcp server that results from a lack of proper input validation. “A vulnerability exists in all publicly available examples of the ASF codebase that allows a specially crafted DHCP request to cause a stack overflow that could lead to…


September 23, 2024Ravi LakshmananSoftware security / supply chain Threat actors linked to North Korea have used poisoned Python packages as a way to deliver new malware called PondRAT as part of an ongoing campaign. According to new findings by Palo Alto Networks Unit 42, PondRAT is believed to be a lighter version of POOLRAT (aka SIMPLESEA), a well-known macOS backdoor previously attributed to the Lazarus Group and deployed in attacks related to Art 3CX Supply Chain Compromise last year. Some of these attacks are part of an ongoing campaign of cyberattacks called Operation Dream Job.where potential targets are lured with…


September 23, 2024Ravi LakshmananCyber ​​espionage / malware An alleged Advanced Persistent Threat (APT) originating in China targeted a government organization in Taiwan and possibly other countries in the Asia-Pacific region (APAC) using a recently patched critical security flaw affecting OSGeo GeoServer GeoTools. The intrusion activity discovered by Trend Micro in July 2024 was attributed to a threat actor named The land of Baxia. “Based on the collected phishing emails, fraudulent documents, and incident observations, it appears that the primary targets are government agencies, telecommunications companies, and the energy industry in the Philippines, South Korea, Vietnam, Taiwan, and Thailand,” researcher Ted…


A hacking group known as the Twelve has been seen using an arsenal of publicly available tools to launch destructive cyberattacks against Russian targets. “Instead of demanding a ransom for data decryption, Twelve prefers to encrypt victims’ data and then wipe out their infrastructure to prevent recovery,” Kaspersky said in Friday’s analysis. “This approach indicates a desire to cause maximum damage to target organizations without receiving direct financial benefit.” The hacking group, which is believed to have been formed in April 2023 after the start of the Russian-Ukrainian war, has a track record of intensifying cyber attacks aimed at…


September 21, 2024Ravi LakshmananNational Security / Cyber ​​Attack Ukraine has restricted the use of the Telegram messaging app by government officials, the military and other defense and critical infrastructure workers, citing national security concerns. The ban was announced by the National Cyber ​​Security Coordination Center (NCCC) in a Facebook post. “I have always advocated and am advocating freedom of speech, but the issue of Telegram is not an issue of freedom of speech, it is an issue of national security,” said the head of Ukraine’s GUR, Kirill Budanov. said. National Security and Defense Council of Ukraine (NSDA) said that Telegram…


September 21, 2024Ravi LakshmananPrivacy / Artificial Intelligence The UK’s Information Commissioner’s Office (ICO) has confirmed that professional social networking platform LinkedIn has suspended the processing of user data in the country to train its artificial intelligence (AI) models. “We are pleased that LinkedIn has considered the concerns we raised about its approach to training generative AI models with information relating to UK users,” said Stephen Almond, executive director of regulatory risk. said. “We welcome LinkedIn’s confirmation that it has suspended such model training pending further engagement with the ICO.” Almond also said the ICO intends to closely monitor companies offering…


Law enforcement agencies have announced the dismantling of an international criminal network that used a phishing platform to unlock stolen or lost cellphones. A phishing-as-a-service (PhaaS) platform called iServer is estimated to have affected more than 483,000 victims worldwide, primarily from Chile (77,000), Colombia (70,000), Ecuador (42,000), Peru (41,500), Spain (30,000) and Argentina (29,000). “The victims are mostly Spanish-speaking citizens from Europe, North and South America,” Europol said in a statement to the press. Law enforcement and judicial authorities from Spain, Argentina, Chile, Colombia, Ecuador and Peru took part in the action, which was named Operation Kaerb. In accordance…


An Iranian advanced persistent threat (APT) actor believed to be affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access broker providing remote access to targeted networks. Google-owned Mandiant tracks the activity cluster under the name UNC1860, which it says has similarities to intrusion kits tracked by Microsoft, Cisco Talos and Check Point as Storm-0861 (formerly DEV-0861), Shrouded Snooper and Scarred Manticore, respectively. “A key feature of the UNC1860 is its set of specialized tools and passive backdoors, which (…) support several purposes, including its role as a likely initial access provider and its ability to gain…
